Share this Page

Campus Portal Security: Access, Risks, and Rewards

Portals are beginning to deliver on the promise of providing users access to
campus information and services. In doing so, what are the security risks for
campuses and the information accessible from campus portals? In an environment
where privacy lapses receive headlines and many adults in the United States
believe online is unsafe, how do colleges and universities create confidence
that campus portals protect and safeguard personal information?

Campus portals can be thought of
as a customized and personalized single point for useful and comprehensive access
to information, people, and processes. The continued growth of campus portals
has seen the field dominated by companies that link portals to their administrative
software (PeopleSoft Inc., Jenzabar Inc.), course software (Blackboard Inc.),
or provide middleware, providing connections to these products (Campus Pipeline
Inc.).

In providing access to personal university information, campus portals encounter
the same risks as other elements of the campus network. Portals face denial
of service attacks, Web alteration, fraud, and identity theft. They must also
support network-level security, encryption, session-management, and authentication
to safeguard sensitive information and prevent unauthorized access. Beyond that
they must provide security for a variety of processes—online database searches,
protection for information that can be accessed and updated, personal communication,
and online credit-card transactions. As an emerging technology they must also
provide the flexibility to accommodate future applications.

Security Requirements
To meet privacy and security concerns, only authorized users can gain access
to the portal, where they are allowed access to only carefully selected applications
and interaction with only portions of the data to which they are entitled. To
ensure security, campus portals must successfully address each of the following
issues:

Authentication: Portals must determine whether someone is who they
claim to be. Most commonly a user logs on to a campus portal using an assigned
name and password. A critical component of authentication is single sign-on
(SSO) capability—the ability for a user to sign onto the portal once
and automatically be authenticated to all other applications within the portal.
SSO eliminates the need for users to log onto multiple systems separately.

Authorization: In a portal environment, with users from various
areas and a significant amount of sensitive information, it is crucial to
define who can see and do what. To access protected information and services,
users must be given permission to do so. Authenticated users can then be authorized
to access resources, Web pages, activities, sections of the portal, and applications
that can be accessed from the portal.

Data Confidentiality and Integrity: Confidential information cannot
be disclosed to unauthorized persons, processes, or devices. Data must not
be accidentally or maliciously modified, altered, or destroyed. Confidentiality
and data integrity are accomplished through access controls, and protection
of transmitted data through encryption techniques. Encryption is the process
of cryptographically converting plain text electronic data into a form unintelligible
to anyone except the intended recipient. For financial transactions, portals
commonly use the Secure Sockets Layer (SSL) Protocol .

Security Management Issues
As with computer networks, portal security is an ongoing concern. This security
depends not only on technology, but also on the actions of portal administrators.
A successful portal will provide tools to do this job easily. Beyond the initial
planning and conceptualization of security mechanisms, careful consideration
should be given to the daily administration of security.

User Management: Someone must manage user accounts, including adding or deleting
users, as well as managing access privileges and user groups. While portals
centralize user credentials, portions of user group administration and associated
authorization may be delegated.

Content Management: Portal information is not static, but constantly evolving,
reflecting the evolution of the university and portal use. Distributed systems
need to be developed to create, submit, approve, and maintain content.

Personalization: User experience and satisfaction will be increased if the
content, functionality, navigation, and interface are configured to the identity
of the user. Personalization is delivered based on information in the user's
profile and attributes associated with the user. Frequently this relies on users
and groups, and a system must be in place to maintain and update this information.

Case Study: Weber State Portal

On March 17, 2003, Weber State University went live with its new student
portal. The three-month implementation incorporated Luminis software from
Campus Pipeline Inc.—a third-party vendor in portal technology. The implementation
team wrestled with all the normal issues of software installation, user
interface, navigation, design, content, and security concerns. However,
our main objective was to achieve secure single sign-on (SSO) to our Web-enabled
applications.

Creating an eServices Account: In order to access the portal,
students must first create an eServices account. Students are guided to
a page that asks for their student ID number and birth date. Our legacy
system then authenticates the individual on four data fields—first
name, last name, student ID, and birth date. An eServices account name,
which is a unique concatenation of first name and last name, is passed
back to the student. The system also requires the student to select a
password (alpha/numeric and case sensitive) and answer a challenge question.

Creating an eDirectory: For security reasons, an eDirectory account
is created for every student and stored on a secure Novell server with
128-bit encryption. The directory stores each student's first name, last
name, eServices name, and password.

Creating an Account: To control access to content such as transcripts,
personal information, academic standing, payroll information, and other
sensitive areas, a Luminis account is also created. The system passes,
via XML, each student's first name, last name, eServices name, e-mail
address, major, and profile to the Luminis server where an account is
created and stored with 128-bit encryption. Storing profile information
on each student allows the portal to display only information and services
to which a student is entitled.

Recovering a Password: Students who forget their password must
enter their student ID and birth date. The system authenticates the person,
passing back to them their unique challenge question. Only if a correct
answer is provided will the student be allowed to enter a new password
and change their challenge question. Users may change their passwords
as often as needed, but the system forces a change every six months. A
password change twice each year seems to be a good balance between protecting
access to the system and not hassling the end user.

We feel the combined security tools of the Campus Pipeline software and
our legacy system has allowed us to achieve that fragile balance between
security and personalized student access to information and services.

Security Weaknesses
Most current campus portal logons depend on user names and passwords. This d'es
not guarantee that the individual is really the person he or she claims to be.
The password may have been stolen or given to someone. If an intruder can easily
guess the password, the system can be compromised.

The Internet uses TCP/IP as the primary data transport protocol. In this process,
intermediate computers are involved in the transport of data from the sender
to the recipient. This introduces weak links to the communication system where
the privacy of data may be compromised, or where information may be stolen.

The first level in securing sensitive data is preventing unauthorized individuals
from accessing sensitive information. Although precautions can be taken to detect
an unauthorized user, it is more difficult to determine if a legitimate user
is purposefully doing something malicious. Frequently, campus identity theft
begins with an insider.

Future Directions
Given the potentially wide range of access points available, from highly secure
locations to public networks, wireless telephones, and personal digital assistants,
future multiple authentication models and systems must be supported. This will
allow portals to securely bridge between user access and traditional portal
entries, as well as other systems.

Some campuses are now adopting implementations of Public Key Infrastructure
(PKI). This enables users of the Internet to securely and privately exchange
data and money through the use of a public and a private cryptographic key pair
obtained and shared through a trusted authority. PKI provides for digital certificates
and signatures that establish user credentials on the Web. Digital certificates
help ensure that only authorized users access restricted information. Digital
signatures authenticate the identity of the sender of a message or the signer
of a document, and can provide a means of ensuring that data has been received
and maintained its integrity.

Potential developments in the standards arena could create single sign-on authentication
control that is truly interoperable among a variety of systems. There is movement
toward adoption of SAML, or Security Assertions Markup Language. This is complicated
by Microsoft Corp.'s use of Kerberos, an existing approach, and by those who
prefer a Java-based solution.

Portals are beginning to adopt authentication factors that go beyond user name
and password to include something a user has in their possession, such as a
smart card or token card. Future directions could include physical characteristics
that can be scanned, such as a retina or fingerprint.

Glossary

Lightweight Directory Access ProtocolThe user name and password
are authenticated against credentials in a relational database (Oracle,
DB2 SQL Server) or a Lightweight Directory Access Protocol (LDAP) service
(Novell NDS, Microsoft Active Directory, Netscape Directory Server). LDAP
is a common directory structure accepted to maintain user information,
organizational information, as well as access control and cryptographic
certificate information. The continued development of portal technology
has been accompanied by the continued evolution of LDAP, which has matured
considerably and is applicable to a wide variety of platforms.

Secure Sockets Layer (SSL) SSL establishes a secure communication
session using public key cryptography, and an agreed upon key to encrypt
and decrypt messages for the session. It handles the functions of authentication,
encryption, and data integrity for secure transactions.

Questions to Answer
Campuses looking to begin a portal project or seeking to analyze the security
of an existing implementation should consider the following questions:

What are the minimum security requirements for our portal?

What are the encryption expectations for password files and transmission
of secure data?

Who is responsible for overseeing the security of the portal?

How often is the security of the portal assessed?

What are the processes for security review as additional systems and capabilities
are added?

Campus portal security will continue to be a delicate balance between access,
functionality, and system performance. Well-designed implementation and careful
attention to ongoing administration can significantly reduce these risks. No
networked system can be 100 percent secure and system security requires never-ending
vigilance. However, by using best practices, campus portals can provide privacy
systems to guarantee users that the information being passed and stored over
the Internet is safe and secure.